
bgpd - pf integration


The BGP protocol is an efficient way to distribute lists of network prefixes, so we integrated bgpd with our pf packet filter
 
bgpd can add prefixes learned from neighbors into a pf table
prefixes are selected using the bgpd filter language
tables use a radix tree, very fast even with lots of entries

pf tables can be used for pretty much anything:
packet filtering
redirection to spamd (BGP distributed spam blacklists)
QoS processing

